AWS systems-manager high security documentation change
Summary
Changed IAM resource from wildcard to specific role ARN
Security assessment
Implements principle of least privilege by restricting permissions to specific resources rather than wildcard (*)
Diff
diff --git a/systems-manager/latest/userguide/configuring-maintenance-window-permissions-cli.md b/systems-manager/latest/userguide/configuring-maintenance-window-permissions-cli.md index d1827b767..833e93d35 100644 --- a//systems-manager/latest/userguide/configuring-maintenance-window-permissions-cli.md +++ b//systems-manager/latest/userguide/configuring-maintenance-window-permissions-cli.md @@ -109 +109 @@ In this task, you specify the permissions needed for your custom maintenance win - "Resource": "*", + "Resource": "arn:aws:iam::account-id:role/maintenance-window-role-name",